get-fedora-latest-config: check rpm signature
This commit is contained in:
Frédéric Pierret (fepitre)
parent
0afef3372d
commit
d60bf26858
@ -11,6 +11,8 @@ releasever="$1"
|
|||||||
kernelver="$(cat "$localdir/version")"
|
kernelver="$(cat "$localdir/version")"
|
||||||
kernelsrc="linux-$kernelver"
|
kernelsrc="linux-$kernelver"
|
||||||
|
|
||||||
|
key="$localdir/keys/RPM-GPG-KEY-fedora-$releasever-primary"
|
||||||
|
|
||||||
[[ "x$releasever" == "x" ]] && { echo "Please provide Fedora release version as first argument, e.g. '29'."; exit 1; }
|
[[ "x$releasever" == "x" ]] && { echo "Please provide Fedora release version as first argument, e.g. '29'."; exit 1; }
|
||||||
|
|
||||||
# baseurl for latest kernel rpm
|
# baseurl for latest kernel rpm
|
||||||
@ -24,7 +26,13 @@ latestver="$(echo "$latestrpm" | sed 's/kernel-core-//; s/\.rpm//')"
|
|||||||
if [ "x$latestrpm" != "x" ]; then
|
if [ "x$latestrpm" != "x" ]; then
|
||||||
tmpdir=$(mktemp -d)
|
tmpdir=$(mktemp -d)
|
||||||
# download latest kernel rpm
|
# download latest kernel rpm
|
||||||
wget -q -O "$tmpdir/$latestrpm" "$url/$latestrpm"
|
wget -q -O "$tmpdir/$latestrpm.untrusted" "$url/$latestrpm"
|
||||||
|
|
||||||
|
# check signature
|
||||||
|
mkdir -p "$tmpdir/rpmdb"
|
||||||
|
rpmkeys --dbpath="$tmpdir/rpmdb" --import "$key"
|
||||||
|
{ rpmkeys --dbpath="$tmpdir/rpmdb" --checksig "$tmpdir/$latestrpm.untrusted" | grep 'signatures OK' ; } || { echo "Failed to check signature"; exit 1; }
|
||||||
|
mv "$tmpdir/$latestrpm.untrusted" "$tmpdir/$latestrpm"
|
||||||
|
|
||||||
# extract kernel sources in qubes-linux-kernel
|
# extract kernel sources in qubes-linux-kernel
|
||||||
tar xf "$localdir/$kernelsrc.tar.xz" -C "$tmpdir"
|
tar xf "$localdir/$kernelsrc.tar.xz" -C "$tmpdir"
|
||||||
|
|||||||
30
keys/RPM-GPG-KEY-fedora-25-primary
Normal file
30
keys/RPM-GPG-KEY-fedora-25-primary
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
Version: GnuPG v1
|
||||||
|
|
||||||
|
mQINBFb9YzMBEACy1RmbMa6MNIpfHYxLwgCgBVnFYCdCHZqWfYYYK14potfJ9uI2
|
||||||
|
4Y4w+oHiLeZ/HoG1EBQiDfXHetGZECAKEYQlE7BbRBcd3An9GalKTkWzcshhHFx7
|
||||||
|
f5JIprL0uY8x2D9HmCfAjMxoh6usWjmAQ+DUYd48iYCkahyZa0/2CgX9HIcEz/M/
|
||||||
|
oDeQbTwzw9AQbQz382oOErfRaXE/DQrjlx2ln0iejidiOe7DzGZOH9/Foc2KN062
|
||||||
|
A9VnZ7tU1ACKT8NxZ78RaBL3qmvMGdb7kf7GywjpRNo4J7XCQUP+nP51eCur2wMS
|
||||||
|
4mY2idDL8Ojouta79pPrviVLmwzunJoFnBcnIhbndebdxPqgOA5XAOaTdLtgurMq
|
||||||
|
90V45DPyJpkdEyptovksH7zYNGEIGB8cFmrVgUwriB0TLNJTEcM4Knbh4imfTX42
|
||||||
|
vCE+rEHn3YVqubG7rggibKznJbflwQcqOYZHLlPGYCxO47aaFUo5qJN7QN3lxajb
|
||||||
|
SzL/SdoHrVL67unzmHyktx5uF8Fv6EDgUV6NCb/IBiEwhR8YHi86NQ8nsI3K8Zhv
|
||||||
|
EnIxghJQD+cn3ykthwqYmZwi2PJDBiZsOGf3iXbalAjU3JVqoA7mboRPR+IBXQxK
|
||||||
|
xvAEpyIGeSUN8yBn+JVDRwZ37kkUVs2AOeUwMlnfFSqYFfmqbeQ73A9ECwARAQAB
|
||||||
|
tDxGZWRvcmEgMjUgUHJpbWFyeSAoMjUpIDxmZWRvcmEtMjUtcHJpbWFyeUBmZWRv
|
||||||
|
cmFwcm9qZWN0Lm9yZz6JAjgEEwECACIFAlb9YzMCGw8GCwkIBwMCBhUIAgkKCwQW
|
||||||
|
AgMBAh4BAheAAAoJEECJ2PL9sZyY1TEP/0u/v4g8HEdl9gqlhV179vXCJJiGtzB0
|
||||||
|
7IGAu++mrsxBrDpqPZTEs6dG5MyzvhhHcmHYrZIiicPAeL9xlZ75oIqQuvjDncoM
|
||||||
|
kROSGvtfUnvocZhQIPvvkgWe3UAmmP3cSlVzu3KtbTpM+KL71incWo4Tentq9L/f
|
||||||
|
vsow7vvGbKUMoSSZbAMfjJkzlzSDNlFtaRkrCBQFJ76EKeggjnEZ8H0cowCdGuyv
|
||||||
|
uBoxQeeQM13b2T9c/uyrXCIcasaOTIKTcqTjbJUTIC2NIZ8OHjtlxZacEaN3ml1M
|
||||||
|
lNRtbIvqzbtv+sb+DsOVTyd1XIcxU9s+TDKvUm0OBNvj3Bm2BQbi8RHyLFbHWvhx
|
||||||
|
Gjzb8Wb/MnlcdTlk3M2iPv8dWHXjEM9n9TKyStdpBD9X3P/Gy2gUquHgkl8p+r8o
|
||||||
|
xmzNH534mKH47kPL/trKInKwv0fkBwxvuPgHG0n79eMHQenVA8gXzG4P6JkcyObA
|
||||||
|
6xGEEQ/wXFF0gLksmwFWuPm2GcnOI5KmGNgDP2PMhS8/cfJfW04a/tL2T2zr4CmE
|
||||||
|
LynbOvY/yOJk7/2W3Cb47+yhqo/htrpJDP6n6zQNNk3+e8EVgfhkQqFxom8yCmEP
|
||||||
|
pW0gBFeE83VoytYPXRkavwmFR+tplyZfOkXG9gysTn8SpRp5+B44O+VeaZumanQZ
|
||||||
|
kRFmBygMR6M/
|
||||||
|
=NrXo
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
||||||
30
keys/RPM-GPG-KEY-fedora-29-primary
Normal file
30
keys/RPM-GPG-KEY-fedora-29-primary
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
pub 4096R/429476B4 2018-02-17 Fedora 29 (29) <fedora-29@fedoraproject.org>
|
||||||
|
|
||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
|
mQINBFqIZTcBEACjh0DKywPd0Hx9I4nGYsbUbqIU7TGZgxaT9jnVSRgkcdfRqt2C
|
||||||
|
P7EdtRbyqkMUKyL23CLwAz+YSmf9Ff9nxBSl8FiKUCNNWUYO3faEAZkZ5reDr6h6
|
||||||
|
W4a0niBMWfVLqmYjpZmkcBqgLgl+2wVq9/E9Fq9SzDktzczUF7wwAWrsKW5rwEEq
|
||||||
|
+i8jk6FSUTNMqWZq69y7Dvox8k8QIxtou5dIL3Z8qQdkc/0ynTs4bdac94FsJBM6
|
||||||
|
0qKSHP23MY7ppwOl7wttAsnaIzBaCD0UIM5qtfFBNFaYfeJ5kH1rf+NzgFjJ8y1D
|
||||||
|
xiZdEX2t4OyXvhuAQSvYyotDrJzCbusjXQYMYYqnfGcqMmTCkgGxYbdfVGbMs3x1
|
||||||
|
mMObZWMQbb9HGN0KTBaFdwA7EnMBrCGy3I9WxngGIGATOPWkPPUUxlaI9jwxT3tq
|
||||||
|
bwYY5Kn2RhD4CZyj4VIaQvGdMaop01O78QVFHhdH24abqNuPrYqEDZ+aSTgnYFKJ
|
||||||
|
cpGSsRVL+Kw/x1wik8PYzpC9tNzU1LRCi9jsX0pk9gODSgbKLWryZEgZaIdcBcJD
|
||||||
|
4U3slDjdBeTDY8pJV9z9r7z+gFPAHLqStGKj2icbv80dMGTfgUm3HqWES/XXomX9
|
||||||
|
ZWA1tV0ZlNOM8/IunmISz9MNpc3LChpcccffjrfvWBfokDKaXO9qCUgctwARAQAB
|
||||||
|
tCxGZWRvcmEgMjkgKDI5KSA8ZmVkb3JhLTI5QGZlZG9yYXByb2plY3Qub3JnPokC
|
||||||
|
OAQTAQIAIgUCWohlNwIbDwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQogql
|
||||||
|
a0KUdrR7axAAluNHQ93T7u/yIQaTCs4uGb/jEg7qbm6hRx5nsqrdm3qKNqnyXK61
|
||||||
|
nnPNoDJNk1WhZww4RdrvxCDOGyyNhGSejjvXM6RBDEOY/KmD6huPo8xN5i7JVG+E
|
||||||
|
2mlwTGe7HSg47d0wHydDNTRLQqT0VZnpkxRe3puQ4DNNHJZG1SsRl/Sf2VI1XyB/
|
||||||
|
hHbFGbLS9KvH32lCIAAtt6dbGTRZC9gsGL6XR/6o7EU5fpj7U5rYiDTFaYqmqG21
|
||||||
|
LZZV9xtqCoHcKElY7jX7Rfmk8Wn1G2zC2XR0LX7eVH7GBeXw6JbmLZjxSgd235zE
|
||||||
|
1lNSaSLMHOHMcgSHWoEC9ULzLYJuTagjK3cjk0VkKLocakRcsb9dtFcxgZGdQHfM
|
||||||
|
X7mD9epuJmqB4a6TOZoL/tiq28ORakUbjYfLz9ngnqd/pJkn9MNWcxy3yBtOdTYq
|
||||||
|
ce+61/XQk4cR2tH8V2eP7fL8YMboNkPPbcbKlcvKG/TgaS0tVrFMUmA1xmDihzf6
|
||||||
|
gupAANlcMkYo0hm+z1hLvgqosp14oTocJeXLAFVw5dxnb9bmqjBy+77u/rqrY0Ek
|
||||||
|
LQd9XnXgowUQl0RSNXgcIIfEkVBipL/2YB+MFBmMQKcTDXX7lc/hl6W4BFmVj2KH
|
||||||
|
kPdZzUOJQVYfe90Rt3hfXHViUw118hkTaJhrCPVwkFbaUWscEA2OaFI=
|
||||||
|
=QzSY
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
||||||
Loading…
Reference in New Issue
Block a user